Is UK confidence in GDPR readiness misplaced?

Businesses have less than three months to prepare for the General Data Protection Regulation (GDPR), which represents the largest overhaul of privacy and information laws across Europe in decades.

But UK firms appear to be ahead of the curve when it comes to preparedness, according to a new study from W8 Data. The company questioned organisations across the top ten countries in Europe based on gross domestic product and found Britain was the most confident about meeting its compliance obligations for the May 2018 deadline.

The study found 29 per cent of UK enterprises either didn't know about the GDPR or felt totally unprepared for its introduction. This may seem high, considering the significant fines attached to non-compliance, but a staggering 73 per cent of Spanish businesses say they aren't ready.

Swedes and Germans were also lacking confidence, with 71 and 52 per cent of respondents, respectively, claiming they didn't believe they would be prepared in time.

"It is fantastic news that the UK is leading the march when it comes to compliance," said W8 Data managing director Will Anthes.

"We have always been at the forefront of the marketing industry and the fact that we are taking a more positive stance demonstrates our maturity and understanding of the need for better data protection."

Underinvestment could prove a problem

Despite the positive results, separate studies have shown that UK companies may be overly confident in their compliance efforts regarding the GDPR.

Law firm Paul Hastings publishes regular updates on GDPR readiness among major UK and US companies. In December, 94 per cent of FTSE 350 firms and 98 per cent of Fortune 500 businesses said they were on track to comply.

However, Paul Hastings revealed a gulf between company confidence and the implementation efforts being made. For example, only 39 per cent of UK respondents had set up an internal GDPR taskforce.

Just 33 per cent have enlisted the services of a third-party consultant to help with compliance and less than one-third have hired a data privacy officer or additional privacy staff.

Furthermore, only 10 per cent of UK firms have a dedicated GDPR compliance budget. A previous Paul Hastings survey in October showed a lack of investment in new technologies – one in ten firms have strengthened their IT systems to cope with the GDPR.